########################################################################################## PHPCRED-27: An Injected Session will still be accepted if the Sessionkey is blank ########################################################################################## Issue Type: Bug ----------------------------------------------------------------------------------------- Issue Information ==================== Priority: Major Status: Closed Resolution: Fixed (2014-11-11 19:37:29) Project: PHPCredlocker (PHPCRED) Reported By: btasker Assigned To: btasker Affected Versions: - 1.5 Targeted for fix in version: - 1.25 Time Estimate: 0 minutes Time Logged: 0 minutes ----------------------------------------------------------------------------------------- Issue Description ================== When the filesystem is checked for the corresponding key, it's not checked whether the sessionkey is empty, and so a null value could be accepted (it'll probably break other things if it is, but best to catch it early). ----------------------------------------------------------------------------------------- Activity ========== ----------------------------------------------------------------------------------------- 2014-11-11 19:35:42 btasker ----------------------------------------------------------------------------------------- This issue was fixed a little while back - https://github.com/bentasker/PHPCredLocker/commit/d56dc2bd6c0a3a2a7b1e5a01c21ef706ed080c0d ----------------------------------------------------------------------------------------- 2014-11-11 19:37:29 ----------------------------------------------------------------------------------------- btasker changed status from 'Open' to 'Resolved' ----------------------------------------------------------------------------------------- 2014-11-11 19:37:29 ----------------------------------------------------------------------------------------- btasker added 'Fixed' to resolution ----------------------------------------------------------------------------------------- 2014-11-11 19:38:10 ----------------------------------------------------------------------------------------- btasker changed status from 'Resolved' to 'Closed'